9.8
CRITICAL
CVE-2023-34644
Ruijie Networks Remote Code Execution Vulnerability
Description

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.

INFO

Published Date :

July 31, 2023, 2:15 p.m.

Last Modified :

May 14, 2024, 1:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2023-34644 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-34644 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ruijie rg-ew1200r_firmware
2 Ruijie rg-ew300_firmware
3 Ruijie rg-ew3200gx_firmware
4 Ruijie rg-ew1200g_firmware
5 Ruijie rg-ew1800gx_firmware
6 Ruijie rg-ew300r_firmware
7 Ruijie rg-ew1200_firmware
8 Ruijie rg-eg3000xe_firmware
9 Ruijie rg-eg105g_firmware
10 Ruijie rg-eg305gh-p-e_firmware
11 Ruijie rg-eg105g-p_firmware
12 Ruijie rg-eg3230_firmware
13 Ruijie rg-eg1000e_firmware
14 Ruijie rg-eg105g-e_firmware
15 Ruijie rg-eg105gw\(t\)_firmware
16 Ruijie rg-eg105gw-x_firmware
17 Ruijie rg-eg2000ce_firmware
18 Ruijie rg-eg2100-p_firmware
19 Ruijie rg-eg209gs_firmware
20 Ruijie rg-eg310gh-e_firmware
21 Ruijie rg-eg3000eu_firmware
22 Ruijie rg-eg210g-p_firmware
23 Ruijie rg-eg3250_firmware
24 Ruijie re-eg1000m_firmware
25 Ruijie rg-eg1000c_firmware
26 Ruijie rg-nbs3100-48gt4sfp-p_firmware
27 Ruijie rg-nbs3200-24gt4xs_firmware
28 Ruijie rg-nbs3200-24sfp_firmware
29 Ruijie rg-nbs3200-8gt4xs_firmware
30 Ruijie rg-nbs3200-24gt4xs-p_firmware
31 Ruijie rg-nbs3200-48gt4xs_firmware
32 Ruijie rg-nbs3200-48gt4xs-p_firmware
33 Ruijie rg-nbs3100-24gt4sfp_firmware
34 Ruijie rg-nbs3100-24gt4sfp-p_firmware
35 Ruijie rg-nbs3100-8gt2sfp_firmware
36 Ruijie rg-nbs3100-8gt2sfp-p_firmware
37 Ruijie rg-rap1260_firmware
38 Ruijie rg-rap2266_firmware
39 Ruijie rg-rap1261_firmware
40 Ruijie rg-rap73hd_firmware
41 Ruijie rg-rap2200\(e\)_firmware
42 Ruijie rg-rap6260\(h\)_firmware
43 Ruijie rg-rap1200\(p\)_firmware
44 Ruijie rg-rap2260\(e\)_firmware
45 Ruijie rg-rap6262\(g\)_firmware
46 Ruijie rg-rap6262_firmware
47 Ruijie rg-rap2260_firmware
48 Ruijie rg-rap6202\(g\)_firmware
49 Ruijie rg-rap1201_firmware
50 Ruijie rg-rap1200\(f\)_firmware
51 Ruijie rg-rap2260\(f\)_firmware
52 Ruijie rg-rap2200\(f\)_firmware
53 Ruijie rg-rap6260\(g\)_firmware
54 Ruijie rg-rap2260\(g\)_firmware
55 Ruijie rg-rap6260\(h\)-d_firmware
56 Ruijie rg-nbc256_firmware
57 Ruijie rg-nbc512_firmware
58 Ruijie rg-s1930-24gt4sfp_firmware
59 Ruijie rg-s1930-24t4sfp-p_firmware
60 Ruijie rg-s1930-8gt2sfp_firmware
61 Ruijie rg-s1930-8gt2sfp-p_firmware
62 Ruijie rg-s1930-8t2sfp-p_firmware
63 Ruijie rg-s1930-24t4sfp_firmware
64 Ruijie rg-s1930-24gt4sfp-p_firmware
65 Ruijie rg-s1930-8t2sfp_firmware
66 Ruijie rg-ew1200g
67 Ruijie rg-ew1200r
68 Ruijie rg-ew300
69 Ruijie rg-ew3200gx
70 Ruijie rg-ew1800gx
71 Ruijie rg-ew300r
72 Ruijie rg-ew1200
73 Ruijie rg-eg3000xe
74 Ruijie rg-eg105g
75 Ruijie rg-eg305gh-p-e
76 Ruijie rg-eg105g-p
77 Ruijie rg-eg3230
78 Ruijie rg-eg1000e
79 Ruijie rg-eg105g-e
80 Ruijie rg-eg105gw\(t\)
81 Ruijie rg-eg105gw-x
82 Ruijie rg-eg2000ce
83 Ruijie rg-eg2100-p
84 Ruijie rg-eg209gs
85 Ruijie rg-eg310gh-e
86 Ruijie rg-eg3000eu
87 Ruijie rg-eg210g-p
88 Ruijie rg-eg3250
89 Ruijie re-eg1000m
90 Ruijie rg-eg1000c
91 Ruijie rg-nbs3100-48gt4sfp-p
92 Ruijie rg-nbs3200-24gt4xs
93 Ruijie rg-nbs3200-24sfp
94 Ruijie rg-nbs3200-8gt4xs
95 Ruijie rg-nbs3200-24gt4xs-p
96 Ruijie rg-nbs3200-48gt4xs
97 Ruijie rg-nbs3200-48gt4xs-p
98 Ruijie rg-nbs3100-24gt4sfp
99 Ruijie rg-nbs3100-24gt4sfp-p
100 Ruijie rg-nbs3100-8gt2sfp
101 Ruijie rg-nbs3100-8gt2sfp-p
102 Ruijie rg-rap1260
103 Ruijie rg-rap2266
104 Ruijie rg-rap1261
105 Ruijie rg-rap73hd
106 Ruijie rg-rap2200\(e\)
107 Ruijie rg-rap6260\(h\)
108 Ruijie rg-rap1200\(p\)
109 Ruijie rg-rap2260\(e\)
110 Ruijie rg-rap6262\(g\)
111 Ruijie rg-rap6262
112 Ruijie rg-rap2260
113 Ruijie rg-rap6202\(g\)
114 Ruijie rg-rap1201
115 Ruijie rg-rap1200\(f\)
116 Ruijie rg-rap2260\(f\)
117 Ruijie rg-rap2200\(f\)
118 Ruijie rg-rap6260\(g\)
119 Ruijie rg-rap2260\(g\)
120 Ruijie rg-rap6260\(h\)-d
121 Ruijie rg-nbc256
122 Ruijie rg-nbc512
123 Ruijie rg-s1930-24gt4sfp
124 Ruijie rg-s1930-24t4sfp-p
125 Ruijie rg-s1930-8gt2sfp
126 Ruijie rg-s1930-8gt2sfp-p
127 Ruijie rg-s1930-8t2sfp-p
128 Ruijie rg-s1930-24t4sfp
129 Ruijie rg-s1930-24gt4sfp-p
130 Ruijie rg-s1930-8t2sfp
: Total Affected Vendor : 1 | Products : 130
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-34644.

URL Resource
https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/ Patch Vendor Advisory
https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins/10001

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
winmt/winmt

About Me

Updated: 1 day, 9 hours ago
0 stars 0 fork 0 watcher
Born at : Sept. 18, 2024, 12:59 p.m. This repo has been linked 12 different CVEs too.
Profile Photo
winmt/winmt

Self-introduction

Updated: 3 months, 2 weeks ago
1 stars 0 fork 0 watcher
Born at : May 18, 2024, 1:06 p.m. This repo has been linked 11 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-34644 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-34644 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins/10001 [No types assigned]
  • Initial Analysis by [email protected]

    Aug. 08, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/ No Types Assigned https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/ Patch, Vendor Advisory
    Added CWE NIST CWE-94
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-ew1200r_firmware:3.0\(1\)b11p204:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-ew1200r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-ew300_firmware:3.0\(1\)b11p204:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-ew300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-ew3200gx_firmware:3.0\(1\)b11p204:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-ew3200gx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-ew1200g_firmware:3.0\(1\)b11p204:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-ew1200g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-ew1800gx_firmware:3.0\(1\)b11p204:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-ew1800gx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-ew300r_firmware:3.0\(1\)b11p204:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-ew300r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-ew1200_firmware:3.0\(1\)b11p204:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-ew1200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg3000xe_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg3000xe:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg105g_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg105g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg305gh-p-e_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg305gh-p-e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg105g-p_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg105g-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg3230_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg3230:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg1000e_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg1000e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg105g-e_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg105g-e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg105gw\(t\)_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg105gw\(t\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg105gw-x_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg105gw-x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg2000ce_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg2000ce:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg2100-p_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg2100-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg209gs_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg209gs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg310gh-e_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg310gh-e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg3000eu_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg3000eu:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg210g-p_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg210g-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg3250_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg3250:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:re-eg1000m_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:re-eg1000m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-eg1000c_firmware:3.0\(1\)b11p216:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-eg1000c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3100-48gt4sfp-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3100-48gt4sfp-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3200-24gt4xs_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3200-24gt4xs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3200-24sfp_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3200-24sfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3200-8gt4xs_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3200-8gt4xs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3200-24gt4xs-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3200-24gt4xs-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3200-48gt4xs_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3200-48gt4xs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3200-48gt4xs-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3200-48gt4xs-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3100-8gt2sfp_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3100-8gt2sfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbs3100-8gt2sfp-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbs3100-8gt2sfp-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap1260_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap1260:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap2266_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap2266:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap1261_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap1261:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap73hd_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap73hd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap2200\(e\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap2200\(e\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap6260\(h\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap6260\(h\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap1200\(p\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap1200\(p\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap2260\(e\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap2260\(e\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap6262\(g\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap6262\(g\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap6262_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap6262:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap2260_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap2260:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap6202\(g\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap6202\(g\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap1201_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap1201:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap1200\(f\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap1200\(f\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap2260\(f\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap2260\(f\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap2200\(f\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap2200\(f\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap6260\(g\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap6260\(g\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap2260\(g\)_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap2260\(g\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-rap6260\(h\)-d_firmware:ap_3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-rap6260\(h\)-d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbc256_firmware:ac_3.0\(1\)b11p86:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbc256:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-nbc512_firmware:ac_3.0\(1\)b11p86:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-nbc512:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-24gt4sfp_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-24gt4sfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-24t4sfp-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-24t4sfp-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-8gt2sfp_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-8gt2sfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-8gt2sfp-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-8gt2sfp-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-8t2sfp-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-8t2sfp-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-24t4sfp_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-24t4sfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-24gt4sfp-p_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-24gt4sfp-p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ruijie:rg-s1930-8t2sfp_firmware:3.0\(1\)b11p218:*:*:*:*:*:*:* OR cpe:2.3:h:ruijie:rg-s1930-8t2sfp:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Aug. 03, 2023

    Action Type Old Value New Value
    Changed Description A command injection vulnerability exists in the EWEB management system of Ruijie Networks ReyeeOS. An unauthenticated attacker could gain supreme control of devices through this vulnerability. The affected products in Ruijie Networks including RG-EW series home routers and repeaters prior to EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches prior to SWITCH_3.0(1)B11P219, RG-EG series business VPN routers prior to EG_3.0(1)B11P219, EAP and RAP series wireless access points prior to AP_3.0(1)B11P219, and NBC series wireless controllers prior to AC_3.0(1)B11P219. Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.
  • CVE Modified by [email protected]

    Aug. 02, 2023

    Action Type Old Value New Value
    Changed Description Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows remote attackers to gain escalated privileges via crafted POST request to /cgi-bin/luci/api/auth. A command injection vulnerability exists in the EWEB management system of Ruijie Networks ReyeeOS. An unauthenticated attacker could gain supreme control of devices through this vulnerability. The affected products in Ruijie Networks including RG-EW series home routers and repeaters prior to EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches prior to SWITCH_3.0(1)B11P219, RG-EG series business VPN routers prior to EG_3.0(1)B11P219, EAP and RAP series wireless access points prior to AP_3.0(1)B11P219, and NBC series wireless controllers prior to AC_3.0(1)B11P219.
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-34644 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-34644 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.74 }} 0.09%

score

0.81183

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: